Stealth Persistence

T1542.002: Component Firmware

T1542.002 · Sub-technique · 3 platforms · 1 group

Description

Adversaries may modify component firmware to persist on systems. Some adversaries may employ sophisticated means to compromise computer components and install malicious firmware that will execute adversary code outside of the operating system and main system firmware or BIOS. This technique may be similar to System Firmware but conducted upon other system components/devices that may not have the same capability or level of integrity checking.

Malicious component firmware could provide both a persistent level of access to systems despite potential typical failures to maintain access and hard disk re-images, as well as a way to evade host software-based defenses and integrity checks.

Platforms

Windows, Linux, macOS

Mitigations (1)

M1051: Update Software

Perform regular firmware updates to mitigate risks of exploitation and/or abuse.

Threat Groups (1)

| ID | Group | Context |
|---|---|---|
| G0020 | Equation | [Equation](https://attack.mitre.org/groups/G0020) is known to have the capability to overwrite the firmware on hard drives from some manufacturers.(Ci... |

Associated Software (1)

| ID | Name | Type | Context |
|---|---|---|---|
| S0687 | Cyclops Blink | Malware | [Cyclops Blink](https://attack.mitre.org/software/S0687) has maintained persistence by patching legitimate device firmware when it is downloaded, incl... |

Frequently Asked Questions

What is T1542.002 (Component Firmware)?

T1542.002 is a MITRE ATT&CK technique named 'Component Firmware'. It belongs to the Stealth and Persistence tactics. Adversaries may modify component firmware to persist on systems. Some adversaries may employ sophisticated means to compromise computer components and install malicious firmware that will execute adversary code outside of the operating system and main system firmware or BIOS.

How can T1542.002 be detected?

Detection of T1542.002 (Component Firmware) typically involves monitoring system logs, network traffic, and endpoint telemetry. Use SIEM rules, EDR solutions, and behavioral analytics to identify suspicious activity associated with this technique.

What mitigations exist for T1542.002?

There is 1 documented mitigation for T1542.002: Update Software (M1051).

Which threat groups use T1542.002?

Known threat groups using T1542.002 include: Equation.